net-honeypot

v1.0.6

detect port scans

Downloads

9

Readme

net-honeypot

A node application monitoring TCP-ports to find out who's foe and who's friend.

Purpose

  • blacklist visitors when they scan pre-defined ports
  • whitelist visitors when they open ports in a pre-defined sequence

May be useful to

  • hide your service from bad visitors scanning your ports
  • optionally whitelist good visitors, after they opened ports in a pre-defined sequence
  • protect your webservice from malicious visitors

One can understand a port number (or a sequence) as a key to an otherwise hidden service. Friendly users usually know your service's port number by heart (...or link or bookmark).

Installation

git clone https://github.com/ICarryTheDustOfAJourney/net-honeypot.git && cd net-honeypot

...yes, this application needs no packages.

Usage

node index.js

Test

Start it, then open http://localhost:2000/

You will see reactions on the command line, and two new files, list_black.json and list_white.json, will appear.

Depending on the browser you are using, you may see multiple attempts to open the port. Firefox (FF) shows the intentionally invalid, somewhat meaningless response and may retry. Chrome shows an ERR_INVALID_HTTP_RESPONSE screen.

list_black.json will get an entry and its file size will increase. You can inspect the files using a non-locking viewer like FF.

Wait at least 20 seconds, then open each port exactly once, in exactly the sequence defined in config.js, within 20 seconds.

You will see list_white.json grow for 20 seconds by the new whitelisted visitor's record, which contains the timestamp, IP address and last port opened.

Alternatively, telnet works as a (more obedient) test-visitor:

  • telnet localhost 2001
  • telnet localhost 2003
  • telnet localhost 2000

You will need to implement this behaviour in your client app when using whitelists.

The blacklist and whitelist files (JSON, names specified in config.js) will be updated continuously and have to be read by your service, e.g. prior to servicing log-in requests.

After an (adjustable) time-out period, visitors disappear from both lists. Entries in list_white.json will also appear in list_black.json, so read the white list first in your service. If an IP address appears in the white list, it's a friend.
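A sketch of the service-side check described in the two paragraphs above (read both list files, white list first). This is an added example, not code from net-honeypot: the record field names `ip` and `ts` (epoch milliseconds), the array layout of the files and the 20-second maximum age are assumptions to verify against your own list files and config.js.

```javascript
// Added example, not part of net-honeypot. ASSUMED file format: each list is a
// JSON array of records such as {"ip": "203.0.113.7", "ts": 1700000010000, "port": 2000}.
const fs = require('fs');

const FIELD = { ip: 'ip', ts: 'ts' };  // hypothetical field names, adjust to your files
const MAX_AGE_MS = 20 * 1000;          // assumed to match the time-out set in config.js

// Node reports IPv4 peers on dual-stack sockets as "::ffff:a.b.c.d".
function normalizeIp(ip) {
  return String(ip).trim().toLowerCase()
    .replace(/^::ffff:(?=\d+\.\d+\.\d+\.\d+$)/, '');
}

// The honeypot rewrites the files while the service reads them, so a
// half-written (unparseable) file is treated as an empty list.
function parseList(text) {
  try {
    const data = JSON.parse(text);
    return Array.isArray(data) ? data : [];
  } catch (err) {
    return [];
  }
}

// A missing or unreadable file also yields an empty list.
function readList(path) {
  try { return parseList(fs.readFileSync(path, 'utf8')); } catch (err) { return []; }
}

// The age check ignores stale records left behind if the honeypot stopped running.
function listed(list, ip, now) {
  const wanted = normalizeIp(ip);
  return list.some((rec) =>
    rec && normalizeIp(rec[FIELD.ip]) === wanted &&
    now - Number(rec[FIELD.ts]) <= MAX_AGE_MS);
}

// White list first: whitelisted visitors also appear in the black list.
function classify(ip, white, black, now = Date.now()) {
  if (listed(white, ip, now)) return 'friend';
  if (listed(black, ip, now)) return 'foe';
  return 'unknown';
}

// In a service, before handling a log-in request:
//   classify(socket.remoteAddress, readList('list_white.json'), readList('list_black.json'))
```

How the service treats `'unknown'` is a policy choice: allowing it gives blacklist-only behaviour, rejecting it makes the port sequence mandatory.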

Now modify config.js to match your needs (it is self-explanatory: port numbers etc.).

Make sure the ports are forwarded to your machine. Ports < 2025 need node to run under admin rights, which is not recommended.

Developed & tested under Linux 4.4.0 and Node V8.10.0.

Limitations

Blocking by IP address may lock out even friendly users when they share an address with a bad guy (e.g. in NAT scenarios). The records are removed after a short period, so a patient retry may resolve this.

Be careful when dealing with a large number of visitors. Each one needs its own record and thus resources.

License

MIT